@kevinrabun/judges 3.117.1 → 3.117.2

package/dist/ast/taint-tracker.js

@@ -11,25 +11,8 @@
 // - Same-file inter-procedural taint (function parameter → return tracking)
 // - Guard clause sensitivity (validation guards reduce taint confidence)
 // ─────────────────────────────────────────────────────────────────────────────
-import { createRequire } from "node:module";
+import ts from "typescript";
 import { normalizeLanguage } from "../language-patterns.js";
-// Lazy-load the TypeScript compiler API so that modules which transitively
-// import this file (e.g. the VS Code extension bundle) do not crash at load
-// time when the `typescript` package is not available at runtime.
-//
-// In CJS bundles (esbuild for VS Code extension), `import.meta.url` is empty
-// but the bundler emits a CJS `require` for externals — so `require` just
-// works.  In native ESM (tests, CLI), we use `createRequire` from the real
-// `import.meta.url`.
-let _ts;
-function getTS() {
-    if (!_ts) {
-        const metaUrl = typeof import.meta?.url === "string" ? import.meta.url : undefined;
-        const req = metaUrl ? createRequire(metaUrl) : require;
-        _ts = req("typescript");
-    }
-    return _ts;
-}
 // ─── Source / Sink Definitions ───────────────────────────────────────────────
 const SOURCE_PATTERNS = [
     { pattern: /\breq(?:uest)?\.(?:body|query|params|headers|cookies)\b/i, kind: "http-param" },
@@ -164,7 +147,6 @@ function containsWordBoundary(text, varName) {
  * Tracks which function parameters flow to return values.
  */
 function buildFunctionTaintMap(sourceFile, _taintMap) {
-    const ts = getTS();
     const result = new Map();
     ts.forEachChild(sourceFile, function walk(node) {
         if (ts.isFunctionDeclaration(node) ||
@@ -213,7 +195,6 @@ function buildFunctionTaintMap(sourceFile, _taintMap) {
     return result;
 }
 function getFnName(node) {
-    const ts = getTS();
     if (ts.isFunctionDeclaration(node) || ts.isMethodDeclaration(node)) {
         return node.name?.getText();
     }
@@ -707,14 +688,7 @@ export function analyzeTaintFlows(code, language) {
     switch (lang) {
         case "javascript":
         case "typescript":
-            try {
-                return analyzeTypeScriptTaint(code, lang);
-            }
-            catch {
-                // typescript package unavailable (e.g. VS Code extension bundle) —
-                // fall through to regex-based analysis
-                return analyzeRegexTaint(code, LANGUAGE_PATTERN_MAP[lang]);
-            }
+            return analyzeTypeScriptTaint(code, lang);
         default: {
             const langPatterns = LANGUAGE_PATTERN_MAP[lang];
             return analyzeRegexTaint(code, langPatterns);
@@ -723,7 +697,6 @@ export function analyzeTaintFlows(code, language) {
 }
 // ─── TypeScript / JavaScript Taint Analysis ──────────────────────────────────
 function analyzeTypeScriptTaint(code, language) {
-    const ts = getTS();
     const scriptKind = language === "typescript" ? ts.ScriptKind.TS : ts.ScriptKind.JS;
     const sourceFile = ts.createSourceFile("input." + (language === "typescript" ? "ts" : "js"), code, ts.ScriptTarget.Latest, true, scriptKind);
     const flows = [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kevinrabun/judges",
-  "version": "3.117.1",
+  "version": "3.117.2",
   "description": "45 specialized judges that evaluate AI-generated code for security, cost, and quality.",
   "mcpName": "io.github.KevinRabun/judges",
   "type": "module",

package/server.json

@@ -7,12 +7,12 @@
     "url": "https://github.com/kevinrabun/judges",
     "source": "github"
   },
-  "version": "3.117.1",
+  "version": "3.117.2",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "@kevinrabun/judges",
-      "version": "3.117.1",
+      "version": "3.117.2",
       "transport": {
         "type": "stdio"
       }